Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Network Security Podcast - Episode 65

Welcome to the Tenable Network Security Podcast - Episode 65

Hosts: Paul Asadoorian, Product Evangelist & Carlos Perez, Lead Vulnerability Researcher

Announcements


Stories

  • Nessus Viewer v1.0.0 released - The web site states: "Nessus Viewer enables IT Security auditors and penetration testers to quickly navigate inside Nessus reports by sorting and filtering each entry. It is able to import Nessus XML v2 reports and filter them by IP, host name, plugin name, operating system, keywords… It can also parse plugin outputs to extract and build clickable lists of web servers, Windows users, missing patches and much more." I think it's great to see a tool like this to help people with with Nessus data in specific cases.
  • Hacking your car for fun and profit - Researchers make an interesting statement about the various control systems in your car: they are plugged into a hub network, not a switch. This means there is no separation between systems, so if you gain access to the car, you gain access to all systems, including safety, brakes, etc. This is not a huge problem for now because cars are not connected to the Internet. Oh wait, enter the Chevy Volt, the first car to have an IP address (so I am told).
  • Internet ID For All Americans - "Possible methods of creating a ‘trusted identity’ could include issuing a ‘smart card’ or digital certificates that would prove that online users are who they say they are. They could then be used to buy goods and carry out financial transactions on the Internet."
  • We're Running Out Of IPv4 Address Space! - Seems that I hear this every year, that this will be the year when we run out of IP addresses. They always point to the fact that all kinds of devices, such as TVs, BlueRay players, Tivos, alarm clocks, and toasters will have an IP address. I have to say, I have a lot of devices on my home network. I love technology and get my hands on as much network-connected stuff as possible. I have a private subnet that can address 253 devices. I could use a Class A if I wanted to, and I still only need one public IP address. So, I fail to see the rush to IPv6, which I am pretty sure will not solve the security problem, but create more problems as people find more problems with IPv6 security.
  • Researcher Develops Password Hacking Software for Wi-Fi Networks Using Amazon Web Services - Don't get me wrong, I think this is a very useful way to attack WPA-PSK. Using "the cloud" to brute-force passwords has lowered the security of the password even further (if that was at all possible). However, is the defense against this attack simply to generate a random 16 character string and use that as a password? Of course, this is not user-friendly, so people tend to choose weaker keys. In the end, we are exploiting the human, not the technology.
  • Final Fifteen - Web Hacking Techniques - There are some really cool techniques in this list. I strongly suggest to our listeners that you review this list and learn about all of these techniques.

Related Posts

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.